Spaces:
Sleeping
Sleeping
| # syntax=docker/dockerfile:1.4 | |
| # --- Stage 1: Builder --------------------------------------------------------- | |
| FROM python:3.11-slim AS builder | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 \ | |
| PIP_NO_CACHE_DIR=1 | |
| WORKDIR /app | |
| # Install deps once and build wheels for a reproducible, cacheable layer | |
| COPY requirements.txt . | |
| RUN pip wheel --no-cache-dir --wheel-dir /app/wheels -r requirements.txt | |
| # --- Stage 2: Final Image ----------------------------------------------------- | |
| FROM python:3.11-slim | |
| ENV PYTHONDONTWRITEBYTECODE=1 \ | |
| PYTHONUNBUFFERED=1 \ | |
| # Platforms like HF Spaces set PORT at runtime; default to 7860 for local | |
| PORT=7860 | |
| WORKDIR /app | |
| # Minimal runtime deps (TLS certs for HTTPS calls, etc.) | |
| RUN apt-get update \ | |
| && apt-get install -y --no-install-recommends ca-certificates \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # Install prebuilt wheels | |
| COPY --from=builder /app/wheels /wheels | |
| COPY --from=builder /app/requirements.txt . | |
| RUN pip install --no-cache-dir /wheels/* | |
| # Copy app source | |
| COPY . . | |
| # Non-root for security | |
| RUN useradd --create-home --shell /bin/bash appuser \ | |
| && chown -R appuser:appuser /app | |
| USER appuser | |
| # --- Ports commonly used with A2A agents ------------------------------------- | |
| # NOTE: EXPOSE is documentation; publishing happens via `-p host:container`. | |
| # 443 β Recommended prod HTTPS port (JSON-RPC /rpc and websockets on TLS) | |
| # 80 β HTTP (typically only to redirect β 443 behind a reverse proxy) | |
| # 8080 β Very common app / agent port for /rpc during dev/staging | |
| # 8000 β Uvicorn/Gunicorn defaults (also used in many Python stacks) | |
| # 7860 β Popular in ML tooling & Hugging Face Spaces (default UI port here) | |
| # 5000 β Flask default (frequent in prototypes and simple agents) | |
| # 3000 β Node dev servers / proxy frontends around agents | |
| # 8443 β Alternate TLS port (used in some k8s/ingress setups) | |
| EXPOSE 443 | |
| EXPOSE 80 | |
| EXPOSE 8080 | |
| EXPOSE 8000 | |
| EXPOSE 7860 | |
| EXPOSE 5000 | |
| EXPOSE 3000 | |
| EXPOSE 8443 | |
| # --- Start command ------------------------------------------------------------ | |
| # Use shell form so ${PORT} expands at runtime (important on HF Spaces). | |
| # --host 0.0.0.0 allows external connections | |
| # --proxy-headers plays nice behind reverse proxies | |
| CMD ["sh", "-c", "uvicorn app.main:app --host 0.0.0.0 --port ${PORT:-7860} --proxy-headers"] | |